A new international standard aimed at tackling bribery is about to be published. ISO 37001 is intended to help companies demonstrate (for the first time) that they have internationally recognised anti bribery policies. As such it is likely to be important for attracting and retaining global business. Indeed, it is possible that ISO 37001 certification will come to be regarded as the benchmark against which anti bribery management is judged by stakeholders, clients and regulators. Potentially, those who choose not to sign up could be disadvantaged. This is an ideal time to review anti-bribery and corruption policies and consider if certification is right for your organisation.
After the Bribery Act came into force there was anxiety that it would hinder international business for organisations with UK operations. The lack of prescriptive requirements caused uncertainty about compliance. Five years on, doing business overseas has not ground to a halt and Brexit means that seeking business abroad will become increasingly important. However, tolerance of bribery as a necessary part of doing business overseas is no longer regarded as acceptable. Many organisations now have procedures in place to mitigate the risks of bribery. Whether those procedures are adequate or not such that they could provide a defence to the corporate offence of failing to prevent bribery (section 7 of the Bribery Act) remains questionable.
ISO 37001 intends to address some of the uncertainty and merits a closer look. Three years in the making, the international standard will provide a set of verifiable requirements not just guidelines. This means that an independent third party can audit organisations’ management systems and policies and certify that they are compliant with the standard. Just like ISO 9001; ISO 14001; and OHSAS 18001 in relation to health and safety compliance ISO 37001 will allow organisations, once certified, to make statements to the effect that their anti bribery management systems are “ISO 37001 certified”.
A statement that a certified anti bribery management system is in place is not a guaranteed defence to any bribery offences. However, the international standard could go some way to demonstrating “adequate procedures” to prevent bribery for the purposes of the Bribery Act. It could also be a valuable management tool in identifying any compliance gaps providing reassurance for boards, shareholders or investors. It is easy to see it becoming a key part of the procurement process: a requirement for tenders or a yardstick as part of due diligence in M&A work.
Whether certification should be sought or not may ultimately come down to a cost/benefit analysis: existing anti-bribery policies and procedures may already reflect the ultimate requirements of ISO 37001 in which case, certification may be an easy decision to opt for. If resources (time and costs) are required in order to bring an organisations’ policies and procedures up to reach the standard then a commercial decision will have to be made.
If your business does not already have adequate procedures in place now could be the time to start. If your business does have adequate procedures this is an ideal time to review. While we wait for publication we recommend that you keep up to date with developments in relation to ISO 37001 and consider whether certification is right for you.